Thread (4 messages), 1 author, 2005-05-27

[7/10] [IPSEC] Fix xfrm_state leaks in error path

From: Herbert Xu <herbert@gondor.apana.org.au>
Date: 2005-05-27 11:14:58

Herbert Xu wrote:
@@ -1254,6 +1326,7 @@ static int pfkey_add(struct sock *sk, st
      if (IS_ERR(x))
              return PTR_ERR(x);

+     xfrm_state_hold(x);
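
Review bot: The xfrm_state_hold(x) added after the IS_ERR(x) check in pfkey_add() takes a second reference on x, but the hunk shows no matching release on any later return. Every exit after this line needs to drop the extra reference with xfrm_state_put(x), and a failure return that also abandons the state has to release the original reference as well. A one-line comment at the hold saying why the extra reference is needed would make the pairing easier to audit.
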
This introduces a leak when xfrm_state_add()/xfrm_state_update()
fail. We hold two references (one from xfrm_state_alloc(), one
from xfrm_state_hold()), but only drop one. We need to take the
reference because the reference from xfrm_state_alloc() can
be dropped by __xfrm_state_delete(), so the fix is to drop both
references on error. Same problem in xfrm_user.c.

Signed-off-by: Patrick McHardy <redacted>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} [off-list ref]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
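
The reference counting described in this message, as a user-space C model added here (not kernel code and not part of the original patch). The struct, the function names and the point at which the delete runs are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy refcounted object; all names are hypothetical, not the kernel's. */
struct state { int refcnt; int linked; };
static int live_objects;             /* allocated and not yet freed */

static struct state *state_alloc(void) {
    struct state *x = calloc(1, sizeof(*x));
    if (!x) return NULL;
    x->refcnt = 1;                   /* reference handed to the caller */
    live_objects++;
    return x;
}
static void state_hold(struct state *x) { x->refcnt++; }
static void state_put(struct state *x) {
    if (--x->refcnt == 0) { free(x); live_objects--; }
}
/* On success the table takes over the reference from state_alloc(). */
static int state_add(struct state *x, int fail) {
    if (fail) return -1;
    x->linked = 1;
    return 0;
}
/* Unlinking drops the reference that came from state_alloc(). */
static void state_delete(struct state *x) {
    if (x->linked) { x->linked = 0; state_put(x); }
}

/* Runs one add request and returns how many objects it leaked. */
static int add_request(int fail, int fixed) {
    int before = live_objects;
    struct state *x = state_alloc();
    if (!x) return -1;
    state_hold(x);                   /* second reference, for use after add */
    if (state_add(x, fail) < 0) {
        state_put(x);                /* original error path: drops only one */
        if (fixed) state_put(x);     /* fix: drop the alloc reference too */
        return live_objects - before;
    }
    state_delete(x);                 /* models a delete right after the add */
    if (x->refcnt < 1) abort();      /* x is still valid only due to the hold */
    state_put(x);
    return live_objects - before;
}
int main(void) {
    printf("leaked: old=%d fixed=%d\n", add_request(1, 0), add_request(1, 1));
    return 0;
}
```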
